Re: Why can't we get a proper installation method to keep OpenSSL at the latest revision for Linux?

2021-05-31 Thread Mauricio Tavares 
On Mon, May 31, 2021 at 7:02 AM Michael McKenney via openssl-users
 wrote:
>
> My wordpress servers are under constant attack.  My Fortinet 60E firewall 
> logs are filled.  Openssl is constantly reported on The Hacker News and other 
> sites.   So I don’t need to worry about upgrading OpenSSL in the future to 
> 1.1.1k or above?   I can just use what the distro has to offer by apt?  
> Ubuntu 20.04 started with 1.1.1f.My Kali server is mainly used for Try 
> Hack Me challenges and learn cyber security.
>
  Security is a series of compromises based on understanding your
needs and defense in depth. For instance, do you run something like
fail2ban? Do you monitor your logs and network traffic?

>
> From: Jan Just Keijser 
> Sent: Monday, May 31, 2021 5:55 AM
> To: Michael McKenney ; 
> openssl-users@openssl.org
> Subject: Re: Why can't we get a proper installation method to keep OpenSSL at 
> the latest revision for Linux?
>
>
>
> On 30/05/21 14:05, Michael McKenney wrote:
>
> Why can't we get a proper installation method to keep OpenSSL at the latest 
> revision for Linux?
>
> My biggest compliant with Linux is it is so difficult to get best practice 
> installations for services like OpenSSL.   Ubuntu is still on 1.1.1f.I 
> have been trying to upgrade to 1.1.1k.   Openssl version -a states I am on 
> 1.1.1k.   When programs in Wordpress that use OpenSSL show I am using 
> 1.1.1.f.   Spending hours of time on various sites like AskUbuntu.com, only 
> to be disappointed.   Microsoft has best practices guides for installations.  
>  Why can’t we get them for Linux.
>
>
>
>
>
> this is both very hard and undesirable:
> openssl can be regarded as a low-level system library that is used by many 
> applications across the entire Linux distribution. You cannot simply upgrade 
> this low-level system library without breaking these applications. 
> Admittedly, for an upgrade from 1.1.1f -> 1.1.1k the risk of introducing an 
> API change is quite low, but for anything else (e.g. 1.1.0x -> 1.1.1k) you 
> will almost certainly have to rebuild and relink all applications that depend 
> on the OpenSSL libraries.
> This is not something you can expect from the Linux distro maintainers. For 
> them, it is far less risky to backport security fixes to the version of 
> OpenSSL that they built their distro on (e.g. Ubuntu 20 > 1.1.1f; CentOS 7 -> 
> 1.0.2k (yes!), etc).
>
> Note that most update woes that Windows 10 has had over the past few years 
> were related to library updates breaking applications - so even microsoft has 
> problems with "best practices".
>
> HTH,
>
> JJK

Re: Goodbye

2020-07-03 Thread Mauricio Tavares 
On Fri, Jul 3, 2020 at 9:03 AM Marc Roos  wrote:
>
>
> What a non-sense changing these words. Also hypocrite of Akamai, looking
> at the composition of the executive team.
>
> https://www.akamai.com/us/en/about/leadership/executive-team/
>
> https://www.akamai.com/us/en/about/leadership/executive-team/operating-committee.jsp
>
  To me it reminds me of the Minitrue RecDep.
>
> -Original Message-
> To: openssl-users
> Subject: Goodbye
>
> *   topic: Change some words by accepting PR#12089
>
> *
>
> *   4 against, 3 for, no absensions
>
>
>
> I am at a loss for words.
>
>
>
> I can’t contribute to a project that feels this way.  The OMC (list at
> [1], a picture of some of them at [2] although it includes non-OMC
> members) is, in my view, on the wrong side of history. I hope that in
> time, the four men who voted against it will develop more – what,
> empathy? – and that sometime in the future this PR [3], or similar,
> will be merged.  Until then, I will do what I have to in order to insure
> that Akamai’s needs for FIPS are met and once 3.0 is released, I will
> be fully applying my modest talents elsewhere.
>
>
>
> I have closed all non-FIPS PR’s, and as soon as I see this message in
> my inbox, I will unsubscribe from this list. I can be reached as rsalz
> at akamai.com.
>
>
>
> [1] https://www.openssl.org/community/omc.html
>
> [2] https://www.openssl.org/blog/blog/2019/05/23/f2f-committers-day/
> 
>
> [3] https://github.com/openssl/openssl/pull/12089
> 
>
>
>
>

Re: Certificate

2014-08-26 Thread Mauricio Tavares 
On Aug 26, 2014 2:45 AM, "Amir Reda"  wrote:
>
> Dear all
> I need your help for those points
> 1- i want create 102 certificate from a certificate authority that i made
((101 node and 1 CA)
> 2- change the certificate that i have created into unsigned int in order
to fit the simulator that i work with as a header type i use NS3 simulator
> please i need help
>
  What is the problem exactly? Post the cert creation script you wrote
and the errors you are getting.

> --
> Warmest regards and best wishes for a good health,urs sincerely
> mero

Re: test

2014-08-04 Thread Mauricio Tavares 
On Mon, Aug 4, 2014 at 8:02 AM, Michael  wrote:
> Apology for the test, but not seeing my mails arrive.

  Think they do not like you anymore?

  I am replying to both the list and you directly, so you should
get 2 equally useless emails.

> __
> OpenSSL Project http://www.openssl.org
> User Support Mailing Listopenssl-users@openssl.org
> Automated List Manager   majord...@openssl.org
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager   majord...@openssl.org

Re: graphic arts help needed

2014-05-08 Thread Mauricio Tavares 
On Thu, May 8, 2014 at 12:20 PM, Steve Marquess
 wrote:
> On 05/08/2014 11:21 AM, Jeroen de Neef wrote:
>> Maybe there can be multiple entries, and have Nokia, you or the mailing
>> list decide which they like.
>
> Well, that's fine but it wasn't really my intention to create a contest
> and ask people to contribute labor that wouldn't be used.
>
  So what? Other groups -- CentOS and Ubuntu come to mind -- do
that. Competition is not bad; it can be very fun. And if you
(permanently) place the contenders' artwork somewhere online, they
will all get something back. They will be able to say -- and show --
they were in this contest. That is really the best you can do for all
participants IMHO.

> But if we do get a choice of several I will ask the sponsor, the team,
> and possibly others for an opinion. We certainly don't want to depend on
> my artistic judgment!
>
  Get the community involved too while you were at it.

> On 05/08/2014 11:55 AM, Jeroen de Neef wrote:
>> I also have a few questions.
>>
>> Are these volunteers allowed to display the work on their site and
>> claim that they made it?
>
> Certainly.
>
  And this is why I suggested a permanent location for all the
entries. Each volunteer would then be able to link it to, say,
openssl.org/artwork/competition/2014/, and say "hey, I was there! I
did that"

>> I am also asking what you are willing to give these designers for a
>> professional logo, because I know a guy that could make one for a bit
>> of money.
>> Maybe you can make a prize for the chosen logo.
>
> For "a bit of money" we could do many things :-), which is why I asked
> for volunteers willing to bask in the warm glow of accomplishment and
> gratitude in lieu of any tangible remuneration.
>
  Going back to what I mentioned earlier, I *think* (scary verb
this is) most of the artwork used in, say, ubuntu is all donated by
the community down to icons and wallpapers.

> -Steve M.
>
> --
> Steve Marquess
> OpenSSL Software Foundation, Inc.
> 1829 Mount Ephraim Road
> Adamstown, MD  21710
> USA
> +1 877 673 6775 s/b
> +1 301 874 2571 direct
> marqu...@opensslfoundation.com
> marqu...@openssl.com
> gpg/pgp key: http://openssl.com/docs/0xCE69424E.asc
> __
> OpenSSL Project http://www.openssl.org
> User Support Mailing Listopenssl-users@openssl.org
> Automated List Manager   majord...@openssl.org
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager   majord...@openssl.org

Re: Automating self signed certificate creation

2012-11-02 Thread Mauricio Tavares 
On Fri, Nov 2, 2012 at 4:23 PM, Ken Goldman  wrote:
> I create a self signed certificate using
>
>> openssl req -new -x509 -key ... -out ... -days ...
>
> It then prompts for the country, state, locality, etc.
>
> Is there a way to enter that data on the command line or in a configuration
> file to avoid the prompts?  I tried -config and a configuration file, but
> that seems to just change the defaults.  It still prompts.
>
> Rationale:
>
> I can script it and avoid user errors.
> I can automate changing the values for regression testing.
>
  Try something like:

-subj "/C=US/ST=Florida/L=Waldo/O=Mythical Mad Monkeys, GmbH./OU=IT/CN=$FQDN"

as an argument to your openssl statement.

> __
> OpenSSL Project http://www.openssl.org
> User Support Mailing Listopenssl-users@openssl.org
> Automated List Manager   majord...@openssl.org
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager   majord...@openssl.org

Re: openssl 1.0.1c at Windows 2003 server (UNCLASSIFIED)

2012-10-05 Thread Mauricio Tavares 
On Fri, Oct 5, 2012 at 9:16 AM, Hu, Yingwoei CIV USARMY ARDEC (US)
 wrote:
> Classification: UNCLASSIFIED
> Caveats: FOUO
>
> Hi,
>
> We used to have the openssl 0.9.8k at Windows 2003 server, at 
> \bin\openssl.exe to run the command line.
>
> As the new release openssl 1.0.1c, can we apply the new openssl at Windows 
> 2003 server?  I cannot find the openssl.exe but instead openssl.c there.  
> Please let me know to run the command line for this new version at Windows 
> 2003 server.
>
  So what is in http://www.openssl.org/related/binaries.html did
not work for you?

> Thanks,
>
> Simon Hu
>
> Classification: UNCLASSIFIED
> Caveats: FOUO
>
>
> __
> OpenSSL Project http://www.openssl.org
> User Support Mailing Listopenssl-users@openssl.org
> Automated List Manager   majord...@openssl.org
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager   majord...@openssl.org